Post navigation

“Data breach and the distribution of personal information is a growing risk for Oregonians. Nationally, data breaches in 2013 exposed an estimated 546 million piece of personal information. The Oregon Identity Theft Prevention Act of 2007 requires businesses and governmental agencies to notify consumers of digital data breaches and develop safeguards for personal information but provides no protection for medical, insurance or biometric information. By extending enforcement power to the Oregon Department of Justice, Oregon will be able to use the effective enforcement tools of the already-existing Unlawful Trade Practices Act .” Read more here.

Track the status of legislative action on this issue and in other areas that affect your practice by using the Oregon State Bar 2015 Regular Session Bill Tracking tool.

The 2015 Oregon State Bar Law Improvement Proposals are found here. The 2015 Oregon State Bar Legislative Priorities include improvements to court funding in general, eCourt funding in particular, and legal services to the poor. Read more here.

The latest ABA Legal Technology Survey Report notes that “Nearly half of law firms were infected with viruses, spyware or malware last year.” Fourteen percent of law firms “experienced a security breach last year in the form of a lost or stolen computer or smartphone, a hacker, a break-in or a website exploit.”

Where to Start

With such staggering numbers, it is easy to become overwhelmed. If you are concerned about cyber security but don’t know where to start, begin here at the ABA Web site. If you are a prolific user of mobile devices, be sure to check out the ABA’s suggestions for Security on the Go. To understand the state of security in US law firms, read this post by Bob Ambrogi.

Forensic and legal assistance to determine compliance with applicable law

Notifications to individuals as required by law

12 months credit monitoring to each notified client

Loss mitigation resources for law firms

If you aren’t eligible or don’t wish to purchase excess coverage through the PLF, contact a commercial carrier.

Protect Yourself Against Scams

The security measures outlined above are a good start toward protecting your firm and your clients from scams. For more complete protection, get educated. Order the free PLF CLE: “Protecting Your Firm and Your Client from Scams, Fraud, and Financial Loss,” and talk to your bank about fraud protection services.

Viruses are More Common at Law Firms than Encryption, ABA Survey Shows

“Nearly half of law firms were infected with viruses, spyware or malware last year, according to the latest ABA Legal Technology Survey Report. At the same time, only a quarter of law firms had any kind of email encryption available for their lawyers to use, the survey found.

Also, 14% of law firms experienced a security breach last year in the form of a lost or stolen computer or smartphone, a hacker, a break-in or a website exploit.”

To be safe, download an alternate browser like Firefox or Chrome and avoid Internet Explorer until Microsoft issues a patch. UPDATE: a patch is now available for all Windows users, even XP. Run Windows Update to verify the patch has been installed. in my case, I found it had been downloaded but not installed.

Update Adobe Flash PlayerA second security bug involves Adobe Flash Player. This vulnerability permits remote code execution, potentially giving hackers access to your computer. (For those who are curious, the result is the same as the Internet Explorer vulnerability, but the two security issues are unrelated.)

With data breaches in the news on an almost daily basis, how do you protect your law firm’s assets? What advice should you give to your clients?

The FTC offers a list of 13 data security resources to help you get started. From mobile apps to digital copiers and shutting down spam, there is a ton of good advice to be culled from these posts and PDFs: Continue reading →

Yahoo Inc. said in a blog post on its breach that “The information sought in the attack seems to be the names and email addresses from the affected accounts’ most recent sent emails.”

That could mean hackers were looking for additional email addresses to send spam or scam messages. By grabbing real names from those sent folders, hackers could try to make bogus messages appear more legitimate to recipients.

If you correspond with friends, family, clients, or colleagues who use Yahoo’s mail service, scrutinize incoming e-mail carefully to avoid phishing scams.

This breach has another takeaway for lawyers – you are only as secure as your third party vendors. The Yahoo and Target breaches were both the result of third-party vendor hacks. In the case of Yahoo, the information was collected from a third-party database. In the Target hack, credentials were stolen from a third party vendor.

Lawyers should take this to heart when evaluating their own cyber liability and security – specifically with regard to HIPAA compliance. If your servers are hosted in the cloud, or you use cloud-based practice management, accounting, or backup solutions, inquire into the security procedures of your vendors. Remember that encryption is your friend. All data stored in the cloud should be encrypted – minimally by your vendor. Better yet: go the extra mile. Seek out cloud providers who permit you to add your own third party encryption, like Viivo or TrueCrypt, so that you (and only you) hold the final encryption key.

For example, one of the newer scams involves someone posing as a real estate buyer and contacting a mortgage broker or real estate agent instead of a lawyer. The broker or agent then refers the buyer to a lawyer, not realizing that the purported buyer is really a scammer. The attorney often knows the mortgage broker or real estate agent and so doesn’t question the legitimacy of the transaction. A variation on the scam occurs where the scammer asks a lawyer in one area of the country to provide a referral to a lawyer in a different region. Some scammers assume the identity of actual attorneys in order to perpetrate the fraud. They claim to be referring a client — often themselves — for claimed legal assistance.

Learning about the latest scams is one way to keep on your toes. Here are some others:

Watch or listen to our CLE: Protecting Your Firm and Your Client from Scams, Fraud, and Financial Loss, available on the PLF Web site > Programs on CD/DVD.

The Oregon State Bar is warning lawyers of a telephone scam underway now in Washington:

Scam Alert
OSB members: The Washington State Bar Association is warning its members about a telephone scam in which callers claiming to represent the bar are asking its members for personal information. These calls are not from the WSBA. Although we have no reports of similar calls in Oregon at this time, it has happened in the past and could recur. If you receive such a call do not reveal any personal information.

Many lawyers are hesitant to receive wire transfers from unknown parties, such as a new client or a third party payer on the client’s behalf. Why? Because once these parties have your banking information in hand, they can readily steal your money. Funds can’t be wired to your business or IOLTA accounts unless you disclose your account number(s), routing number(s), and the bank with whom you do business. Many lawyers don’t want clients or third party payers to have this information, even if the purpose is completely legitimate.

So how can you receive a wire without exposing your personal banking information?

As we learned at our CLE, “Protecting Your Firm and Your Client from Scams, Fraud, and Financial Loss” banks can shield your personal information by assigning your accounts a unique payment identification code. When receiving a wire or electronic payment, simply provide the payer with the unique code in lieu of your bank account number. Wells Fargo refers to this service as Perfect Receivables.

If you want to accept wire transfers and electronic payments without exposing your personal banking information, talk to your banker today. If you are an Oregon lawyer and did not attend our CLE, “Protecting Your Firm and Your Client from Scams, Fraud, and Financial Loss” consider ordering the FREE program from our Web site > Programs on CD/DVD.